1password Research Reveals Burned-Out Employees Are a Third Less Likely to Follow Security Guidelines and 60% More Likely to Engage in Shadow It
Workers in every industry are reporting extraordinarily high burnout, leading to apathy and a lower guard toward workplace security. To understand this burnout phenomenon, 1Password, a leader in human-centric security and privacy, released its first State of Access benchmark report, “The Burnout Breach.” The report, based on a survey of 2,500 adults, explores how workforce burnout has opened businesses to attacks, with trends such as remote and hybrid work, the “Great Resignation” and, most surprisingly, significantly worse behavior by cybersecurity professionals as the driving forces behind this new threat to business success and longevity.
“Pandemic-fueled burnout—and resultant workplace apathy and distraction—has emerged as the next significant security risk,” said Jeff Shiner, chief executive officer at 1Password. “It’s particularly surprising to find that burned-out security leaders, charged with protecting businesses, are doing a far worse job of following security guidelines—and putting companies at risk. It’s now a business imperative for companies to engage the humans at the heart of security operations with tools, training and ongoing support to create a culture of security and care that helps us all stay safe at work.”
Burnout Bad Behavior
1Password’s research found that a whopping 84% of security professionals and 80% of other workers are feeling burned out, which has led to serious backsliding around security protocols.
- Burned out employees ignore the rules: They’re a third less likely to follow their company’s security guidelines (59% for burned out vs. 80% for not burned out).
- Burnout is fueling a shadow IT renaissance: Sixty percent more burned-out employees than non-burned-out employees are creating, downloading or using software and apps at work without IT’s permission (48% vs. 30%).
- Security pros feel the heat: Security professionals are twice as likely as other workers to say that due to burnout, they are “completely checked out” and “doing the bare minimum at work” (10% vs. 5%). And significantly burned-out security professionals are more than twice as likely to say security rules and policies aren’t worth the hassle, compared to those who are only somewhat burned out (44% vs. 19%).
As Good as Gone
Burnout is also fueling the Great Resignation, in which employees leave their jobs in search of different careers, greater flexibility, deeper purpose or higher salaries. 1Password’s research reveals that these “ready to resign” employees are a significant security risk for companies.
- One foot out the door: Nearly two-thirds (64%) of respondents said they were actively looking for a new job, on the verge of quitting or open to the idea of switching jobs. Meanwhile, security professionals are nearly 50% more likely than other workers to be actively looking for a new job (13% vs. 9%).
- Done with it: “Ready to resign” employees are 50% more likely to say convenience is more important than security at work (24% vs. 16% who remain loyal to their current job).
- What are you going to do, fire me: Nearly 50% more employees looking to switch jobs are creating, downloading or using software and apps at work without IT’s permission (49%), compared to those with no interest in a job change (34%).
Security Pros: “Do As I Say, Not As I Do”
While the vast majority of security professionals (89%) say they favor security over convenience, security pros are far more likely to ignore their own best practices and engage in risky digital activities at work compared to other workers at an organization—burned out or not.
- Above the law: Security professionals are more likely than other types of workers to say they work around their company’s policies because they are trying to solve their own IT problems themselves (37% vs. 25%) or because they hate the software their company provides (15% vs. 5%).
- All in the family: Nearly four times more security professionals than other workers say they let family members, roommates or friends use their work computers (22% vs. 6%).
- The great installation: Four times more security professionals than other workers say they install apps or browser extensions the company hasn’t recommended or approved (29% vs. 7%).
Emerging Threats: Ransomware Hype, Phishing Bite
Looking beyond the new security threat of burnout, 1Password also explored security professionals’ perceptions of top threats at work, both for the previous year and in the year ahead. Security professionals cited ransomware as the top threat they’ve heard about (55%) and worry about (42% put it in their top three worries), though it falls far lower on the list of actual threats encountered last year as just 20% of security pros actually faced ransomware at work.
- Everyday attacks: Sixty percent of security professionals say their company encountered an emerging security threat last year, ranking the top threats as social media spoofing (32%), sophisticated phishing (32%) and a DDoS attack (32%).
- Go phish: Phishing is a top 3 concern for 1 in 4 security professionals. Phishing is especially dangerous because it manipulates human psychology by mimicking friends or coworkers in need of help—or companies or colleagues seeking to offer protection and assistance.
- Too good to be true: Over half (57%) of employees say they’ve recently encountered an email which they weren’t sure was phishing or not.
[To share your insights with us, please write to firstname.lastname@example.org]